
Saturday, June 05, 2004

Reagan at sunset at his ranch in the sky


Thank you, Sir






MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".

Thursday, June 03, 2004

Hacking Sparks Need for Complex Passwords 


Jun 1, 04


By ANICK JESDANUN, AP Internet Writer

As more Web sites demand passwords, scammers are getting more clever about stealing them. Hence the need for such "passwords-plus" systems.

To access her bank account online, Marie Jubran opens a Web browser and types in her Swedish national ID number along with a four-digit password.

For additional security, she then pulls out a card that has 50 scratch-off codes. Jubran uses the codes, one by one, each time she logs on or performs a transaction. Her bank, Nordea PLC, automatically sends a new card when she's about to run out.

Scandinavian countries are among the leaders as many online businesses abandon static passwords in favor of so-called two-factor authentication.

"A password is a construct of the past that has run out of steam," said Joseph Atick, chief executive of Identix Inc., a Minnesota designer of fingerprint-based authentication. "The human mind-set is not used to dealing with so many different passwords and so many different PINs."

When a static password alone is required, security experts recommend that users combine letters and numbers and avoid easy-to-guess passwords like "1234" or a nickname.

Stevan Hoffacker follows those rules but commits a different faux pas: He uses the same password everywhere, including access to multiple e-mail accounts, Amazon.com, The New York Times' Web site and E-ZPass electronic toll statements.

In such cases, should hackers or scammers compromise one account, they potentially have one's entire online life.

"This is one of these things that if I stop and think about it, it is not good, but I do my best not to stop and think about it," said Hoffacker, an information technology manager in New York.

But it's difficult to remember dozens of strong passwords - so many sites now require them. Alternatives include writing them down on a sticky note attached to a monitor or in an electronic spreadsheet - practices security experts also deem unsafe.

Software such as Symantec Corp.'s Norton Password Manager and Apple Computer Inc.'s Keychain help store passwords in secure, encrypted form. But if you compromise the master password, you're out of luck. Your entire collection is gone.

Many sites, meanwhile, will e-mail passwords insecurely - without encryption - if you forget. A site called BugMeNot.com even encourages users to share passwords for nonfinancial sites like newspapers.

The tools of password harvesting are many:

Keystroke recorders secretly installed at public Internet terminals can capture passwords, as can "phishing" e-mails designed to trick users into submitting sensitive data to fraudulent sites that look authentic. There are computer viruses programmed to harvest passwords as well as software that guesses passwords by running through words in dictionaries.

Though analysts have no hard figures on password-specific fraud, they blame insecure passwords for unauthorized financial transfers, privacy breaches and even the hacking of corporate networks.

With two-factor authentication, having a password alone is useless.

"We will never play the fear factor here, but still it stays a fact that with our products, phishing is no longer an issue," said Jochem Binst of Vasco Data Security International Inc.

The Belgian company issues devices the size of pocket calculators or keychains. You type your regular password into the device for a second code that is based on the time and the unit's unique characteristics. That's the code you type into the Web site.

Someone who steals your device won't have your password; someone who steals your password won't have your device.

MasterCard International Inc. has been testing similar systems in Britain, Germany and Brazil. Swipe a credit card with a smart chip into a special reader, enter your PIN and obtain a password good only once at Office Max, British Airways and a dozen other merchants.

In Singapore, bank customers wishing to designate new accounts for fund transfers must likewise obtain a second password - through a phone call, e-mail or mobile text messaging.

Biometric systems are similar, except a fingerprint or iris scan replaces one or both passwords.

In the United States, use of two-factor authentication remains limited. RSA Security Inc. has several products, including RSA SecurID, but they are primarily issued to employees for remote network access and to customers with high-value portfolios.

"There's a delicate balance between maintaining security but also providing customers with ease of use," said Doug Johnson, senior policy analyst at the American Bankers Association.

Gartner analyst Avivah Litan said banks are "all afraid of making the first step. They don't want consumers going to other banks because it's too hard."

U.S. banks and e-commerce companies have focused, for now, on making sure passwords are strong. EBay, for instance, now rejects attempts to create passwords such as "ebay" or "password."

Before two-factor authentication becomes commonplace, laptops must come standard with biometric readers, or manufacturers must bring down costs for password-generating devices.

Outfitting 1 million customers with such devices could cost $20 million, while Internet fraud for those customers amounts to "tens of thousands at most," said Tony Chew, director of technology risk supervision at the Monetary Authority of Singapore. Singapore banks thus limit dynamic passwords to fund transfers, he said.

Companies also need to set standards.

Though Jubran enjoys her bank's scratch-off passwords, she wouldn't want the Amazon.coms of the world all adopting them as well.

"It would be too complicated to have 10 different cards you scrape off," the 24-year-old medical student said.

Jason Lewis, vice president of product management at RSA Security, figures companies will have to create services so a single device can work on multiple sites.

Nordea and other Scandinavian banks already have partnered with government agencies and utilities, and an identity-management coalition called the Liberty Alliance Project has begun to explore standards.

People will pay more attention to security as they keep more of their lives online, said Robert Chesnut, eBay's vice president for rules, trust and safety. He offered this analogy: "The more stuff you have in your house, the better the deadbolt lock you have."




Updates for your Yahoo Instant Messenger too now! Oh! Boy! I know, but 


To make sure your use of the Yahoo messenger is safe, Yahoo set up this:

http://messenger.yahoo.com/messenger/security/

Another reason why I use Yahoo over other services. Set up to check for updates here every 2 to 6 months, depending on how you use the messenger and how often.

I know,


Testing the "TV Tuners and Fingerprint Checks" in "Cellphones in Japan" 


By PHRED DVORAK

TOKYO -- Japan, the country that brought the world the camera phone and downloadable ringtones, is one of the best places to spot cellphone trends in the making. Its fiercely competitive mobile operators routinely stuff their handsets with features that range from the functional (bar-code readers) to the frivolous (software that turns a cellphone into a controller for model racing cars).

Most of these features are offered only in Japan, and many will never make the leap across the Pacific. But I've tested two of the most intriguing new features available in Japan -- television tuners and fingerprint recognition -- to see how they stack up.

It isn't easy to put a TV tuner into a cellphone. The added components make the phone big and heavy, and TV watching eats up battery power. Broadcast TV signals are also hard to catch on the move.

Such technical difficulties have slowed development of TV-tuner-equipped phones, although scattered services, including Sprint's MobiTV in the U.S., send TV content to handsets via a data stream.

Nonetheless, two Japanese handset makers have put out TV tuner-equipped phones, both sold by Vodafone Group's Japan unit. The V601N from NEC went on sale in Japan in December, and the V401T from Toshiba, which includes an FM radio tuner, launched at the end of April. Both phones sell for around $85. (Samsung sells a TV tuner-equipped handset in South Korea, but canceled plans to roll out the phone in the U.S. and Europe.)

Toshiba and NEC both did a good job of keeping their TV-tuner phones compact. The clamshell-shaped V401T, for instance, has a camera and Internet-access capabilities, yet weighs in at four ounces, just a bit heavier than average.

The TVs on both handsets are easy to use. On NEC's, you flip open the phone, press "menu," then click on the icon with the picture of a TV on it. Toshiba's handset works similarly, but you have to set the region where you're using the phone first.

The big problem with both phones is reception, even with the handset's antenna extended. Toshiba and NEC have tried to beat the problem by building an antenna into the handset's earphone cord. But even then, I found most channels grainy, ghost-ridden and often indecipherable -- both in the Journal's 11th-floor office in downtown Tokyo and in my apartment in the suburbs.

If you can get a clear picture, the rest of the TV features work well. On normal TV mode the picture is extremely small -- about half the size of my thumb on Toshiba's V401T. But both handsets let you switch to a horizontal full-screen view that's much bigger.

Both handsets also let you capture snapshots from the TV, and Toshiba's lets you record up to 12 minutes of footage. In theory, this will allow you to record that winning home run so you can enjoy it again later. In practice, I wasn't on the ball enough to record Asashoryu's winning tackle in Tokyo's Summer Grand Sumo Tournament.

When a call comes in, the TV automatically switches to the phone. On the Toshiba, you're automatically returned to your show when the call ends. On the NEC, you have to restart the TV.

Watching television does run the battery down quickly, and you can watch continuously for only an hour or so before the handsets tell you you're out of power. But both handsets leave you enough battery life to use your phone: Toshiba's cellphone is set so that the TV shuts off automatically when only 10% of the battery power remains -- enough for about 10 minutes of phone calls.

Toshiba and NEC say picture quality could improve when digital broadcasting for mobile phones starts up in Japan in the next few years. Then, even if reception is spotty, the picture could be improved with error-correction software.

But until the picture problem is solved, don't expect TV tuners on a phone near you.

For the ultrasecurity conscious, NTT DoCoMo sells three handsets -- all made by Fujitsu -- that feature fingerprint-recognition technology. For now, though, all you can use it for is to lock your phone so nobody else can use it or check its call log.

The square metal-plate sensor in use on the F505i, which came out last year and now sells for around $130, was so finicky that DoCoMo couldn't even get it to work at the product launch.

But this year, Fujitsu has come out with a new fingerprint reader for DoCoMo's F900i and F506i phones, which sell for between $175 and $260. To register your print, you slide the tip of your finger over a strip-shaped sensor three times. (The handset tells you if you're sliding too fast or too slowly.) You can register up to 10 prints (for your 10 fingers), although the finger you use to unlock the phone must match the fingerprint that locked it.

Almost every time I tested the function on the F900i, the handset recognized my print without a hitch. Two friends who tested the phone also had no problems, once they got a feel for how fast to slide their fingers.

Right now, fingerprint recognition is mostly a novelty. But with NTT DoCoMo and other carriers planning services that will turn the cellphone into an electronic wallet, it could soon become an important security feature. At least now it works.



OH! Boy. I have saved SO much money not having one.

